.. role:: red .. role:: bred Lab 2.1: Review the lab diagram and map out the services and endpoints ---------------------------------------------------------------------- .. note:: In this lab there is a web server on the internal network (the client's network in this case) that external users want to get to. An external client desktop exists on the external/outbound network, that accesses these resources through SSLO. To test the deployed solution, RDP to the :bred:`Inbound Win7 Client`. Username = :red:`student` / Password = :red:`agility` - The external client is attached to a :red:`10.30.0.0/24` network and is assigned the IP :red:`10.30.0.70`. This network is attached to the BIG-IP :red:`1.2` interface. - The web server is an Ubuntu 14.04 LTS server configured with Apache2 and PHP5, and listens on five addresses: - :red:`10.20.0.90` - :red:`10.20.0.91` - :red:`10.20.0.92` - :red:`10.20.0.93` - :red:`10.20.0.94` .. note:: Each instance includes a simple Apache2 text page that also shows which site was accessed. The pages are all (only) hosted via HTTPS port 443. - In lieu of a separate DNS server in the lab, the external client has static /etc/hosts entries that map the above addresses to the following URLs, respectively: - :red:`test0.f5labs.com` - :red:`test1.f5labs.com` - :red:`test2.f5labs.com` - :red:`test3.f5labs.com` - :red:`test4.f5labs.com` - A wildcard (:red:`\*.f5labs.com`) server certificate and private key have been installed on the SSL Orchestrator. The external client has two options for accessing the internal websites: via wildcard (0.0.0.0/0) gateway, and direct IP listener. The lab will explore both options below. .. note:: SSL Orchestrator sends all traffic through an inline layer 3 or HTTP device in the same direction - entering through the inbound interface. It is likely, therefore, that the layer 3 device may not be able to correctly route both outbound (forward proxy) and inbound (reverse proxy) traffic at the same time. Please see the appendix, "Routing considerations for layer 3 devices" for more details.